On Wed, 2012-10-17 at 18:29 +0200, Stef Walter wrote: > On 10/17/2012 06:21 PM, Miloslav Trmač wrote: > > That's rather far from actually fixing the problem. Can we get it > > fixed_first_? It seems that we could drop the glibc caching, > > Obviously dropping the caching would be pretty nasty. Having to dlopen > the modules each time you do a getpwnam() (or friends) isn't cool. > > I assume you mean fstating the file on each lookup? I'm not against > this, and I can try and propose this to glibc, but I'm pretty sure > what's going to happen. See similar /etc/resolv.conf discussions. This would kill perf. which is why it is not done. > > or by > > modify authconfig to instruct the user to reboot after changing > > /etc/nsswitch.conf . > > That's *really* ugly, and prevents tools (like ipa-client-install or > realmd) from completing an initialization in one shot. They would have > to be split into two parts, with a reboot in between. :S Yeah, extremely painful and unnecessary, please let's avoid this. > > I'm not opposed to changing the default nsswitch.conf to avoid that > > reboot (well, I think it's ugly to refer to a non-installed module, > > but that's an aesthetic, not a principal thing) and to improve the > > user experience in the default case, but we do need to have some way > > to fix the underlying problem, a better way than just giving up and > > conceding that nsswitch.conf can't be edited from now on. > > We are working on it and I linked to that bug in my report. Ray Strode > and I are working on patches to glibc. > > http://sourceware.org/bugzilla/show_bug.cgi?id=12459 > > Obviously, if you have another idea of how to fix this other than the > above, this would be a great place to put it forward. Long term I thin I can add support for the nscd protocol to sssd, it does work around this issue, but has other drawbacks which is why we haven;t done it so far. Stef can you open a ticket so we discuss and consider whether to do it ? This will take time however, in the meanwhile it would be really nice if we could do it the simple way by just adding sss by default until a better solution is found. Simo. -- Simo Sorce * Red Hat, Inc * New York -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
